CLAIMS 



We claim: 

1. In a local server that receives data from one or more remote clients over 
a data transport protocol, a method of generating an initial sequence number for use by 
a remote client when assigning sequence numbers to one or more data packets to be sent 
to the local server, the initial sequence number generated in a manner that prevents the 
local server from being attacked while maintaining reliable data transfer, the method 
comprising the acts of: 

generating a random input key using arbitrary information maintained secret by 
the local server; 

receiving a connection identifier key that includes connection information for at 
least the remote client; 

securely initializing a hash function with at least a portion of the random input 
key and at least a portion of the connection identifier key for determining an 
intermediate value of an initial sequence number; 

creating a monotonically increasing counter for ensuring that a same connection 




identifier does not have data collisions from competing sequence numbers within a 
predetermined period of time, and for ensuring randomness of the initial sequence 
number on a per connection basis for preventing attacks on the local server; 

incrementing the counter a fixed value based on a passage of a predetermined 



time period; 

incrementing the counter a variable amount depending upon a rate of 
connections with the local server, wherein if the rate of connections is beyond a 
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threshold value the variable increment is based on an elapsed time, otherwise the 
variable increment is based on each connection established with the local server; and 

combining the intermediate value, the fixed value and the variable amount for 
generating the initial sequence number. 

2. The method of claim 1, wherein if the rate of connections is below the 
threshold value, the fixed value is further incremented based on each connection 
established with the local server. 

3. The method of claim 2, wherein based on the fixed value, if a remote 
client's data transfer rate while connected to the local server is less than a specified byte 
rate then the connection identifier used by the remote client the is allowed immediate 
re-connection to the local server after the remote client disconnects. 

4. The method of claim 1, wherein the connection identifier key further 
includes connection information for one or more of the local server port, local server 
routing address, remote port and remote routing address. 
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6. The method of claim 1, wherein at least a second connection is made 
between the local server and a second remote client, and wherein the method further 
including the acts of: 

receiving a second connection identifier key that includes connection 
information for at least the second remote client; 

securely initializing the hash function with at least a portion of the random input 
key and at least a portion of the second connection identifier key for determining a 
second intermediate value of a second initial sequence number; 

based on at least a portion of the second connection identifier key, creating a 
second monotonically increasing counter for ensuring that a same connection identifier 
does not have data collisions from competing sequence numbers within a predetermined 
period of time, and for ensuring randomness of the second initial sequence number on a 
per connection basis for preventing attacks on the local server; 

incrementing the second counter the fixed value based on the passage of the 
predetermined time period; 

incrementing the second counter a second variable amount depending upon a 
rate of connections with the local server and for those connections associated with the 
second counter, wherein if the rate of connections with the local server and for those 
connections associated with the second counter is beyond a threshold value the variable 
increment is based on an elapsed time, otherwise the variable increment is based on 
each connection established with the local server and associated with the second 
counter; and 

combining the second intermediate value, the fixed value and the second 
variable amount for generating the second initial sequence number. 
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7. The method of claim wherein 1, wherein the arbitrary information 
maintained as a secret by the local server is based on timing, state conditions for the 
local server, or both, at boot up time of the local server, which include one or more of a 
time of day, a day of month, a month, a year, a local server hard drive head position, 
and whether input was detected by hardware of the local server. 

8. The method of claim 1, wherein the combining of the intermediate value, 
the fixed value and the variable amount is a mathematical operation or function. 

9. The method of claim 1, wherein if the rate of connections is beyond the 
threshold value the variable increments up to an amount of 0x000022FB every 
millisecond, otherwise the variable increment is an amount between 16 K and 32 K. 

10. The method of claim 1, wherein the monotonically increasing counter is 
shared by at least two connections at the same time. 
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11. In a local server that receives data from one or more remote clients over 
a data transport protocol, a method of generating an initial sequence number for use by 
a remote client when assigning sequence numbers to one or more data packets to be sent 
to the local server, the initial sequence number generated in a manner that prevents the 
local server from being attacked while maintaining reliable data transfer, the method 
comprising the steps for: 

determining an intermediate value of an initial sequence number by hashing a 
random input key and a connection identifier key, which includes connection 
information for at least the remote client, the random input key being generated using 
arbitrary information maintained secret by the local server; 

ensuring that a same connection identifier does not have data collisions from 
competing sequence numbers within a predetermined period of time, and ensuring 
randomness of the initial sequence number on a per connection basis for preventing 
attacks on the local server by monotonically incrementing a counter both a fixed value 
based on a passage of a predetermined time period and a variable amount depending 
upon a rate of connections with the local server, wherein if the rate of connections is 
beyond a threshold value the variable increment is based on an elapsed time, otherwise 
o: J the variable increment is based on each connection established with the local server; 
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12. The method of claim 11, wherein if the rate of connections is below the 
threshold value, the fixed value is further incremented based on each connection 
established with the local server. 
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13. The method of claim 12, wherein the fixed value is 25.6 K, and wherein 
if a remote client's data transfer rate while connected to the local server is less than 256 
K then the connection identifier used by the remote client the is allowed immediate re- 
connection to the local server after the remote client disconnects. 

14. The method of claim 11, wherein the connection identifier key further 
includes connection information for one or more of the local server port, local server 
routing address, remote port and remote routing address. 

15. The method of claim 14, wherein the data transport protocol is 
Transmission Control Protocol, and wherein the local and remote routing addresses are 
Internet Protocol addresses. 
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16. The method of claim 11, wherein at least a second connection is made 
between the local server and a second remote client, and wherein the method further 
including the acts of: 

receiving a second connection identifier key that includes connection 
information for at least the second remote client; 

securely initializing the hash function with at least a portion of the random input 
key and at least a portion of the second connection identifier key for determining a 
second intermediate value of a second initial sequence number; 

based on at least a portion of the second connection identifier key, creating a 
second monotonically increasing counter for ensuring that a same connection identifier 
does not have data collisions from competing sequence numbers within a predetermined 
period of time, and for ensuring randomness of the second initial sequence number on a 
per connection basis for preventing attacks on the local server; 

incrementing the second counter the fixed value based on the passage of the 
predetermined time period; 

incrementing the second counter a second variable amount depending upon a 
rate of connections with the local server and for those connections associated with the 
§ § * S second counter, wherein if the rate of connections with the local server and for those 
S S < B 5 connections associated with the second counter is beyond a threshold value the variable 
5 2 § g £ « increment is based on an elapsed time, otherwise the variable increment is based on 
2 * § s j each connection established with the local server and associated with the second 
counter; and 

combining the second intermediate value, the fixed value and the second 
variable amount for generating the second initial sequence number. 
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17. The method of claim wherein 11, wherein the arbitrary information 
maintained as a secret by the local server is based on timing, state conditions for the 
local server, or both, at boot up time of the local server, which include one or more of a 
time of day, a day of month, a month, a year, a local server hard drive head position, 
and whether input was detected by hardware of the local server. 



18. The method of claim 11, wherein the combining of the intermediate 
value, the fixed value and the variable amount is a mathematical operation or function. 

19. The method of claim 11, wherein if the rate of connections is beyond the 
threshold value the variable increments up to an amount of 0x000022FB every 
millisecond, otherwise the variable increment is an amount between 16 K and 32 K. 
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20. The method of claim 1 1, wherein the monotonically increasing counter is 
shared by at least two connections at the same time. 
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21. For a local server that receives data from one or more remote clients over 
a data transport protocol, a computer program product comprising computer readable 
media carrying computer executable instructions that implement a method of generating 
an initial sequence number for use by a remote client when assigning sequence numbers 
to one or more data packets to be sent to the local server, the initial sequence number 
generated in a manner that prevents the local server from being attacked while 
maintaining reliable data transfer, the method comprising the acts of: 

generating a random input key using arbitrary information maintained secret by 
the local server; 

receiving a connection identifier key that includes connection information for at 
least the remote client; 

securely initializing a hash function with at least a portion of the random input 
key and at least a portion of the connection identifier key for determining an 
intermediate value of an initial sequence number; 

creating a monotonically increasing counter for ensuring that a same connection 
identifier does not have data collisions from competing sequence numbers within a 
predetermined period of time, and for ensuring randomness of the initial sequence 
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connections with the local server, wherein if the rate of connections is beyond a 
threshold value the variable increment is based on an elapsed time, otherwise the 
variable increment is based on each connection established with the local server; and 
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combining the intermediate value, the fixed value and the variable amount for 
generating the initial sequence number. 



22. The computer program product of claim 21, wherein if the rate of 
connections is below the threshold value, the fixed value is further incremented based 
on each connection established with the local server. 

23. The computer program product of claim 22, wherein the fixed value is 
25.6 K, and wherein if a remote client's data transfer rate while connected to the local 
server is less than 256 K then the connection identifier used by the remote client the is 
allowed immediate re-connection to the local server after the remote client disconnects. 

24. The computer program product of claim 21, wherein the connection 
identifier key further includes connection information for one or more of the local 
server port, local server routing address, remote port and remote routing address. 

25. The computer program product of claim 24, wherein the data transport 
n § as M | protocol is Transmission Control Protocol, and wherein the local and remote routing 
P^ShH addresses are Internet Protocol. 
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26. The computer program product of claim 21, wherein at least a second 
connection is made between the local server and a second remote client, and wherein 
the computer executable instructions further implement the method including the acts 
of: 

receiving a second connection identifier key that includes connection 
information for at least the second remote client; 

securely initializing the hash function with at least a portion of the random input 
key and at least a portion of the second connection identifier key for determining a 
second intermediate value of a second initial sequence number; 

based on at least a portion of the second connection identifier key, creating a 
second monotonically increasing counter for ensuring that a same connection identifier 
does not have data collisions from competing sequence numbers within a predetermined 
period of time, and for ensuring randomness of the second initial sequence number on a 
per connection basis for preventing attacks on the local server; 

incrementing the second counter the fixed value based on the passage of the 
predetermined time period; 

incrementing the second counter a second variable amount depending upon a 
O § * r , = rate of connections with the local server and for those connections associated with the 
S 8 6 p H S second counter, wherein if the rate of connections with the local server and for those 
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each connection established with the local server and associated with the second 
counter; and 
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combining the second intermediate value, the fixed value and the second 
variable amount for generating the second initial sequence number. 



27. The computer program product of claim wherein 21, wherein the 
arbitrary information maintained as a secret by the local server is based on timing, state 
conditions for the local server, or both, at boot up time of the local server, which 
include one or more of a time of day, a day of month, a month, a year, the local server 
hard drive position, and whether input was detected by hardware of the local server. 



28. The computer program product of claim 21, wherein the combining of 
the intermediate value, the fixed value and the variable amount is a mathematical 
operand or function. 



29. The computer program product of claim 21, wherein if the rate of 
connections is beyond the threshold value the variable increments up to an amount of 
0x000022FB every millisecond, otherwise the variable increment is an amount between 
16 K and 32 K. 
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31. For a local server that receives data from one or more remote clients over 
a data transport protocol, a computer program product comprising computer readable 
media carrying computer executable instructions that implement a method of generating 
an initial sequence number for use by a remote client when assigning sequence numbers 
to one or more data packets to be sent to the local server, the initial sequence number 
generated in a manner that prevents the local server from being attacked while 
maintaining reliable data transfer, the method comprising the steps for: 

determining an intermediate value of an initial sequence number by hashing a 
random input key and a connection identifier key, which includes connection 
information for at least the remote client, the random input key being generated using 
arbitrary information maintained secret by the local server; 

ensuring that a same connection identifier does not have data collisions from 
competing sequence numbers within a predetermined period of time, and ensuring 
randomness of the initial sequence number on a per connection basis for preventing 
attacks on the local server by monotonically incrementing a counter both a fixed value 
based on a passage of a predetermined time period and a variable amount depending 
upon a rate of connections with the local server, wherein if the rate of connections is 
beyond a threshold value the variable increment is based on an elapsed time, otherwise 
the variable increment is based on each connection established with the local server; 
and 

generating the initial sequence number by combining the intermediate value, the 
fixed value and the variable amount. 
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32. The computer program product of claim 31, wherein if the rate of 
connections is below the threshold value, the fixed value is further incremented based 
on each connection established with the local server. 

33. The computer program product of claim 32, wherein based on the fixed 
value, if a remote client's data transfer rate while connected to the local server is less 
than a specified byte rate then the connection identifier used by the remote client the is 
allowed immediate re-connection to the local server after the remote client disconnects. 

34. The computer program product of claim 31, wherein the connection 
identifier key further includes connection information for one or more of the local 
server port, local server routing address, remote port and remote routing address. 

35. The computer program product of claim 34, wherein the data transport 
protocol is Transmission Control Protocol, and wherein the local and remote routing 
addresses are Internet Protocol. 
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36. The computer program product of claim 31, wherein at least a second 
connection is made between the local server and a second remote client, and wherein 
the computer executable instructions further implement the method including the acts 
of: 

receiving a second connection identifier key that includes connection 
information for at least the second remote client; 

securely initializing the hash function with at least a portion of the random input 
key and at least a portion of the second connection identifier key for determining a 
second intermediate value of a second initial sequence number; 

based on at least a portion of the second connection identifier key, creating a 
second monotonically increasing counter for ensuring that a same connection identifier 
does not have data collisions from competing sequence numbers within a predetermined 
period of time, and for ensuring randomness of the second initial sequence number on a 
per connection basis for preventing attacks on the local server; 

incrementing the second counter the fixed value based on the passage of the 
predetermined time period; 

incrementing the second counter a second variable amount depending upon a 
rate of connections with the local server and for those connections associated with the 
second counter, wherein if the rate of connections with the local server and for those 
connections associated with the second counter is beyond a threshold value the variable 
increment is based on an elapsed time, otherwise the variable increment is based on 
each connection established with the local server and associated with the second 
counter; and 
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combining the second intermediate value, the fixed value and the second 
variable amount for generating the second initial sequence number. 



37.. The computer program product of claim wherein 31, wherein the 
arbitrary information maintained as a secret by the local server is based on timing, state 
conditions for the local server, or both, at boot up time of the local server, which 
include one or more of a time of day, a day of month, a month, a year, the local server 
hard drive position, and whether input was detected by hardware of the local server. 



38. The computer program product of claim 31, wherein the combining of 
the intermediate value, the fixed value and the variable amount is a mathematical 
operand or function. 



39. The computer program product of claim 31, wherein if the rate of 
connections is beyond the threshold value the variable increments up to an amount of 
0x000022FB every millisecond, otherwise the variable increment is an amount between 
16 K and 32 K. 
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